Filtered by vendor Drupal
Subscriptions
Total
834 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6928 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-09-16 | N/A |
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | ||||
CVE-2009-4517 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | ||||
CVE-2012-2064 | 2 Drupal, Mark Theunissen | 2 Drupal, Views Lang Switch | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
CVE-2015-8095 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2024-09-16 | N/A |
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. | ||||
CVE-2012-4498 | 2 Drupal, Morbus Iff | 2 Drupal, Activism | 2024-09-16 | N/A |
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | ||||
CVE-2009-1942 | 1 Drupal | 1 Quiz | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-5589 | 2 Drupal, Netgenius | 2 Drupal, Multilink | 2024-09-16 | N/A |
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | ||||
CVE-2009-1343 | 1 Drupal | 2 Drupal, Print | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles. | ||||
CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2024-09-16 | N/A |
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | ||||
CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2024-09-16 | N/A |
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | ||||
CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | ||||
CVE-2012-4487 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2024-09-16 | N/A |
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | ||||
CVE-2012-4493 | 2 Drupal, Roy Baxter | 2 Drupal, Better Revisions | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-2116 | 2 Commerceguys, Drupal | 2 Commerce Reorder, Drupal | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. | ||||
CVE-2012-5704 | 2 Drupal, Justin Dodge | 2 Drupal, Hotblocks | 2024-09-16 | N/A |
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself. | ||||
CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2024-09-16 | N/A |
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | ||||
CVE-2013-1908 | 3 Acquia, Commons Wikis Project, Drupal | 3 Commons, Commons Wikis, Drupal | 2024-09-16 | N/A |
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2024-09-16 | N/A |
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | ||||
CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2024-09-16 | N/A |
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | ||||
CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2024-09-16 | N/A |
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |